Secure (e.g., encrypted and signed) email, as well as document signing, encryption, and verification via public key cryptography, relies on the use of private and public key pairs. Public keys can be identity keys, or can be included in digital or identity certificates. When networked devices want to interact with entities over the Internet via secure email, the networked devices' local key stores must contain the entities' public keys in order for the networked devices to verify the entities' cryptographic signatures or to enable encrypted data exchanges with the entities. However, networked devices and their users often encounter difficulties when interacting or exchanging signed and encrypted documents with other entities over the Internet via secure email. For instance, no generally adopted means currently exists for users to discover and obtain the public keys required for such secure interactions or data exchanges. Instead, provisioning a sender's public key into a recipient's local key store is currently a manual process that is unfamiliar to most users. Even for users who are familiar with it, the manual process is error prone and usually involves exchanging public keys with the sender over an insecure communication channel via an out-of-band method, thus subjecting “secure” interactions and exchanges to compromise. Moreover, users trust certificates that are signed by any one of many certificate authorities, but certificate authorities are not foolproof and indeed have mistakenly signed unauthorized certificates. DANE, on the other hand, allows the resource holder to directly attest to which certificates they are using.
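As an added illustration of the DANE approach referred to above (example code, not the document's own method), the following Python sketches the SMIMEA record type of RFC 8162, which the text does not name: the mail domain's owner publishes, under a name derived from the user's address, a hash of the certificate that user actually uses, and a sender looks that record up instead of obtaining the key out of band. All function names are assumptions, DER parsing and DNSSEC validation are left out, and the "certificates" are constructed byte strings standing in for DER.

```python
import hashlib

# Added example: DANE SMIMEA (RFC 8162) owner-name derivation, record generation
# (resource-holder side) and certificate matching (recipient side).

def smimea_owner_name(email: str) -> str:
    """DNS owner name of the SMIMEA record for an address (RFC 8162 section 3)."""
    local_part, sep, domain = email.rpartition("@")
    if not sep or not local_part or not domain:
        raise ValueError("expected local-part@domain")
    # SHA2-256 of the local-part (UTF-8, hashed as-is), hex-encoded and
    # truncated to 28 octets, i.e. 56 hex characters, so it fits in one DNS label.
    label = hashlib.sha256(local_part.encode("utf-8")).hexdigest()[:56]
    return f"{label}._smimecert.{domain}."


def _match_data(matching_type: int, selected: bytes) -> str:
    """Certificate Association Data for the selected bytes (same codes as TLSA)."""
    if matching_type == 0:          # 0 = exact match on the selected bytes
        return selected.hex()
    if matching_type == 1:          # 1 = SHA2-256
        return hashlib.sha256(selected).hexdigest()
    if matching_type == 2:          # 2 = SHA2-512
        return hashlib.sha512(selected).hexdigest()
    raise ValueError(f"unknown matching type {matching_type}")


def make_smimea_rdata(cert_der: bytes, usage: int = 3, selector: int = 0,
                      matching_type: int = 1) -> tuple:
    """What the resource holder publishes: (usage, selector, matching type, data).
    usage 3 = DANE-EE (attests the end-entity certificate itself),
    selector 0 = full certificate, matching type 1 = SHA2-256 of it."""
    if selector != 0:
        raise ValueError("selector 1 (SubjectPublicKeyInfo) needs a DER parser; not shown")
    return (usage, selector, matching_type, _match_data(matching_type, cert_der))


def smimea_end_entity_matches(records, cert_der: bytes) -> bool:
    """Recipient-side check: does any DANE-EE, full-certificate record attest the
    certificate presented with the signed message? Unusable records are skipped,
    so the result stays False unless some record genuinely matches."""
    for usage, selector, matching_type, assoc_data in records:
        if usage != 3 or selector != 0:
            continue   # PKIX-*/DANE-TA usages and SPKI selectors need chain/DER handling
        try:
            if _match_data(matching_type, cert_der).lower() == assoc_data.lower():
                return True
        except ValueError:
            continue
    return False
```

In a deployment the owner name is queried for an SMIMEA RRset over DNSSEC-validated DNS; without DNSSEC the record carries no more assurance than the out-of-band exchange it replaces.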
Thus, there is a need for simple and intuitive approaches for users to discover and obtain public keys required for conducting public key cryptography-based secure interactions or data exchanges.